Secure VPN infrastructures at the Edge – Welotec RAP

When it comes to managing a high number of distributed devices in the field, connectivity and device access is key. However, setting up a secure VPN infrastructure which combines IT and OT comes along with a high effort in handling and coordination, especially in the field of IT-Security. This includes e. g. establishing a secure connection, updating of certificates, or generating data flows.

Welotec RAP – Secure VPN infrastructures at the Edge

Easy build up of secure VPN infrastructures to connect devices and machines

With our software solution Welotec RAP our customers benefit from a fully automated VPN infrastructure enabling connectivity and secure access to devices and machines in the field.  It comes with an easy deployment, brings flexibility in case of applications and ads an additional security layer to the network infrastructure.

The advantages at a glance: 

Easy  Setup and Handling

  • Automated certificate creation and updates via integrated PKI (Public Key Infrastructure)
  • Compatible with all devices able to run containers or support OpenVPN
  • Seamless Integration in third party systems via API  
  • Welotec VPN Container Client (VPN-CC) –virtual infrastructures with few clicks   
  • Independent of internet source or SIM Card – Edge devices can work behind a Firewall and with private IP addresses 
  • User-friendly web interface (individual settings, e. g. Branding & Design)

IT-Security & Connection
Security & Connection  

  • Secure tunneling connection between VPN endpoint with direct access to end devices 
  • Automated firewall rules and automatic routing 
  • Auto-renewal of VPN certificates based on user requirements and guidelines 
  • Easy implementation in private networks via API 
  • End-to-end encryption according to the BSI standard 
  • Flexible user and rights management based on tags 

High device compatibility and application flexibility for secure VPN tunnels

Depending on application and frame conditions, users face different challenges how to implement a secure VPN infrastructure. With Welotec RAP users are equipped with a solution opening a wide range of possibilities for best IT and OT convergence, also in the case of hardware retrofitting. Below please find a short overview of the relevant connection possibilities:

  • Connection via Welotec TK800 Router. In case of mass deployment, the rollout can be managed via Zero-Touch-Provisioning (see use-case below).
  • OpenVPN for stand-alone devices.
  • VPN Container Client – Hardware independent software container generating virtual infrastructures with few clicks. Rollout can be deployed through Cloud, Docker Swarm or Kubernetes.

VPN Container Cleint


Implications for Business

The successful implementation of a VPN infrastructure not only has advantages in terms of the implementation process or IT security. It also provides users with access to important data, which nowadays is the most important resource for business success.

Data Generation

Data Generation

  • Data gathering for increased efficiency and better decision making (e.g. maintenance or predictive maintenance) 
  • Improved analysis and processing through integration of data into third party systems via API (e.g. Big Data or Monitoring)

Remote Access

Remote Access 

  • Secure remote access to distributed devices and connected machines from all around the world –  24/7 access 
  • Increased efficiency through less effort in travel and staff presence  

New Business Models

Business Model  

  • Better service quality through predictive maintenance and reduced down-times 
  • Potential for new services and business models (e.g. Software-as-a-Service, Equipment-as-a-Service)

Use Case: building a VPN tunnel with Welotec RAP and Welotec TK800 4 G LTE Router


Step 01

Welotec TK800 Router is pre-configured at Welotec Factory and SIM is installed.

Step 02

Devices (e.g. 10x TK800 Router) are shipped to the customer

Step 03

Customer install TK800 at the machine, connect 4G antenna, Ethernet Cable and Power.

Step 04

TK800 is going online and showing up in the Remote Access Portal (self-registration).

Step 05

Customer can activate TK800 in the Remote Access Portal and assign a configuration.

Step 06

Configuration and Credentials are installed in the TK800.

Step 07

Secure Remote Access from a Computer – over the Remote Access Portal – to the device behind the TK800 (e.g. a PLC) is seamless possible.

Related tags